Gervase Markham, a Mozilla developer who has been involved in the response to the DigiNotar failure, warned Iranian internet users on Monday to update their browsers, "log out of and back into every email and social media service you have" and change all passwords.

What part of Iran is Oregon in?

Cold war over.
Cyber war is all the rage.

This advice will please my team of carrier pigeons

Quote:

He advised users who wanted to be certain of secure communication with the government to return to using pen and paper.

The link I gave was found by doing a quick search on the web.
It is not the original article that was part of google news.
That article was done by someone else.
But as more people start using linux, hackers will target it also.

I do not think there is a safe place to protect your data.
Some say put it on paper.
Then I guess you get a shotgun and stand alert for break in attempts by burglers.
Barry can tell you about having data in your own home getting stolen.

With banking transactions, some say not to use the computer and do your transactions at the bank.
The problem with that, is that they use a computer to record your transactions and a hack of that banking division would lay bare your banking data.

So you do the best you can to protect your data and hope it stays safe.
EDIT:
For your information go to http://bkhome.org/blog/?viewDetailed=02465 and read the comment by Jota.
It appears that a bug fix update of SeaMonkey has been released that takes care of the fake security certificates.

But did you know that diginotar's parent company is located in Chicago in the good old USA?
Also, it seems some hacker is pissed off and threatening to distribute fake security certificates to other sites and possibly in other countries.

Firefox, SeaMonkey, Opera, Google Chrome, and IE have all distrubuted updates to address this. So it has the possibility of not being confined to just one country.

One would need to know then what version of FireFox that will get the more protecting patch them make?

Why does one need certificates? oh sorry I guess it is https and the s means secure and to make it secure them use a Certificate that it is secure?

So in what other way can one know if it is a man in the middle thing one have been victim of?

Would it help to know the number of the site and not use DNS at all. One always looks up on the HDD what real number google Gmail has and that way one are ones own DNS and don't rely on any Certification?_________________I use Google Search on Puppy Forum
not an ideal solution though

Update 2: Google is following Mozilla's lead by marking DigiNotar untrusted in the next release of the Chrome OS (Chromium).

Original post: Reports surfaced this morning that accuse the government of Iran with trying to perform a man-in-the-middle attack against Google's SSL services. ...
The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. DigiNotar revoked the certificate today at 16:59:03 GMT, but many browsers do not check for revoked certificates by default. ...

So I need to learn more about this "many browsers do not check for revoked certificates by default. ..."

Does my FF do that? I have no idea!

next text.

Quote:

Last March ComodoHacker claimed responsibility for the first attack against a certificate authority that resulted in bogus SSL certificates being issued in the wild.

In addition to claiming his attacks are far more sophisticated than Stuxnet and distancing himself from the Iranian government, he also claims to have compromised four other certificate authorities, including GlobalSign.

GlobalSign logoGlobalSign, the fifth largest certificate issuer according to NetCraft, responded to this news by immediately ceasing any further signing of certificates while they investigate.

Their response is interesting. While we don't know if they have been compromised (and arguably, neither do they) they are making a tough choice that is what we should expect from organizations whose business models rely on trust.

Comodo has already revoked the 9 fraudulent certificates. The revoked certificate serial numbers are published in Comodo's Certificate Revocation List (CRL), which can be manually imported and consumed on most platforms; on Windows via certmgr.msc, on OSX via KeyChain, or directly into some browsers, like Firefox.

Enabling certificate revocation checking in your browser is also advisable, not only for this particular issue, but to benefit from past and future revocation information as well.

so how do I do such things?_________________I use Google Search on Puppy Forum
not an ideal solution though

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum